Home > Vulnerability Database > CVE-2023-45866

Mend.io Vulnerability Database

CVE-2023-45866

Good to know:

Date: December 7, 2023

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

Language: C

Severity Score

6.3

Related Resources (16)

Url: https://security-tracker.debian.org/tracker/CVE-2023-45866

Url: https://www.debian.org/security/2023/dsa-5584

Url: https://support.apple.com/kb/HT214035

Url: https://security.gentoo.org/glsa/202401-03

Url: https://support.apple.com/kb/HT214036

Url: https://github.com/skysafe/reblog/tree/main/cve-2023-45866

Url: http://seclists.org/fulldisclosure/2023/Dec/7

Url: http://seclists.org/fulldisclosure/2023/Dec/9

Url: https://lists.debian.org/debian-lts-announce/2023/12/msg00011.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45866

Url: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/profiles/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/77YQQS5FXPYE6WBBZO3REFIRAUJHERFA/

Url: http://changelogs.ubuntu.com/changelogs/pool/main/b/bluez/bluez_5.64-0ubuntu1/changelog

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D2N2P5LMP3V7IJONALV2KOFL4NUU23CJ/

Url: https://bluetooth.com

Url: https://www.mend.io/vulnerability-database/CVE-2023-45866

Severity Score

6.3

Weakness Type (CWE)

Improper Authentication

CWE-287

Top Fix

Upgrade Version

Upgrade to version bluez5 - no_fix

Learn More

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45866

Good to know:

Date: December 7, 2023

Language: C

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?